Validate additional input is present for associated payment method

Author: pmclain

app/code/Magento/BraintreeGraphQl/Model/BraintreeDataProvider.php

@@ -7,8 +7,8 @@
 
 namespace Magento\BraintreeGraphQl\Model;
 
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
-use Magento\Framework\Stdlib\ArrayManager;
 
 /**
  * Format Braintree input into value expected when setting payment method
@@ -17,28 +17,21 @@ class BraintreeDataProvider implements AdditionalDataProviderInterface
 {
     private const PATH_ADDITIONAL_DATA = 'braintree';
 
-    /**
-     * @var ArrayManager
-     */
-    private $arrayManager;
-
-    /**
-     * @param ArrayManager $arrayManager
-     */
-    public function __construct(
-        ArrayManager $arrayManager
-    ) {
-        $this->arrayManager = $arrayManager;
-    }
-
     /**
      * Format Braintree input into value expected when setting payment method
      *
      * @param array $args
      * @return array
+     * @throws GraphQlInputException
      */
     public function getData(array $args): array
     {
-        return $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $args) ?? [];
+        if (!isset($args[static::PATH_ADDITIONAL_DATA])) {
+            throw new GraphQlInputException(
+                __('Required parameter "braintree" for "payment_method" is missing.')
+            );
+        }
+
+        return $args[static::PATH_ADDITIONAL_DATA];
     }
 }

app/code/Magento/BraintreeGraphQl/Model/BraintreeVaultDataProvider.php

@@ -7,8 +7,8 @@
 
 namespace Magento\BraintreeGraphQl\Model;
 
+use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
-use Magento\Framework\Stdlib\ArrayManager;
 
 /**
  * Format Braintree input into value expected when setting payment method
@@ -17,20 +17,6 @@ class BraintreeVaultDataProvider implements AdditionalDataProviderInterface
 {
     private const PATH_ADDITIONAL_DATA = 'braintree_cc_vault';
 
-    /**
-     * @var ArrayManager
-     */
-    private $arrayManager;
-
-    /**
-     * @param ArrayManager $arrayManager
-     */
-    public function __construct(
-        ArrayManager $arrayManager
-    ) {
-        $this->arrayManager = $arrayManager;
-    }
-
     /**
      * Format Braintree input into value expected when setting payment method
      *
@@ -39,6 +25,12 @@ public function __construct(
      */
     public function getData(array $args): array
     {
-        return $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $args) ?? [];
+        if (!isset($args[static::PATH_ADDITIONAL_DATA])) {
+            throw new GraphQlInputException(
+                __('Required parameter "braintree_cc_vault" for "payment_method" is missing.')
+            );
+        }
+
+        return $args[static::PATH_ADDITIONAL_DATA];
     }
 }

app/code/Magento/BraintreeGraphQl/Plugin/SetVaultPaymentNonce.php

@@ -53,7 +53,9 @@ public function beforeExecute(
         \Magento\Quote\Model\Quote $quote,
         array $paymentData
     ): array {
-        if ($paymentData['code'] !== ConfigProvider::CC_VAULT_CODE) {
+        if ($paymentData['code'] !== ConfigProvider::CC_VAULT_CODE
+            || !isset($paymentData[ConfigProvider::CC_VAULT_CODE])
+        ) {
             return [$quote, $paymentData];
         }
 

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Customer/SetPaymentMethodTest.php

@@ -183,6 +183,41 @@ public function testPlaceOrderWithVault()
         $this->assertPlaceOrderResponse($placeOrderResponse, $reservedOrderId);
     }
 
+    /**
+     * @magentoApiDataFixture Magento/Customer/_files/customer.php
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/customer/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+     * @dataProvider dataProviderTestSetPaymentMethodInvalidInput
+     * @expectedException \Exception
+     * @param string $methodCode
+     */
+    public function testSetPaymentMethodInvalidInput(string $methodCode)
+    {
+        $reservedOrderId = 'test_quote';
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+        $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidInput(
+            $maskedQuoteId,
+            $methodCode
+        );
+        $this->expectExceptionMessage("Required parameter \"$methodCode\" for \"payment_method\" is missing.");
+        $this->graphQlMutation($setPaymentQuery, [], '', $this->getHeaderMap());
+    }
+
+    public function dataProviderTestSetPaymentMethodInvalidInput(): array
+    {
+        return [
+            ['braintree'],
+            ['braintree_cc_vault'],
+        ];
+    }
+
     private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
     {
         self::assertArrayHasKey('placeOrder', $response);
@@ -260,6 +295,31 @@ private function getSetPaymentBraintreeVaultQuery(
 QUERY;
     }
 
+    /**
+     * @param string $maskedQuoteId
+     * @param string $methodCode
+     * @return string
+     */
+    private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId, string $methodCode): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"{$methodCode}"
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
     /**
      * @param string $maskedQuoteId
      * @return string

dev/tests/api-functional/testsuite/Magento/GraphQl/Braintree/Guest/SetPaymentMethodTest.php

@@ -68,13 +68,14 @@ protected function setUp()
      * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
      * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
      * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+     * @dataProvider dataProviderTestPlaceOrder
      */
-    public function testPlaceOrder()
+    public function testPlaceOrder(string $nonce)
     {
         $reservedOrderId = 'test_quote';
         $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
 
-        $setPaymentQuery = $this->getSetPaymentBraintreeQuery($maskedQuoteId);
+        $setPaymentQuery = $this->getSetPaymentBraintreeQuery($maskedQuoteId, $nonce);
         $setPaymentResponse = $this->graphQlMutation($setPaymentQuery);
 
         $this->assertSetPaymentMethodResponse($setPaymentResponse, 'braintree');
@@ -85,6 +86,41 @@ public function testPlaceOrder()
         $this->assertPlaceOrderResponse($placeOrderResponse, $reservedOrderId);
     }
 
+    /**
+     * Data provider for testPlaceOrder
+     *
+     * @return array
+     */
+    public function dataProviderTestPlaceOrder(): array
+    {
+        return [
+            ['fake-valid-nonce'],
+            ['fake-apple-pay-visa-nonce'],
+        ];
+    }
+
+    /**
+     * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/enable_offline_shipping_methods.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/create_empty_cart.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/guest/set_guest_email.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/add_simple_product.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_shipping_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_new_billing_address.php
+     * @magentoApiDataFixture Magento/GraphQl/Quote/_files/set_flatrate_shipping_method.php
+     * @magentoApiDataFixture Magento/GraphQl/Braintree/_files/enable_braintree_payment.php
+     * @expectedException \Exception
+     */
+    public function testSetPaymentMethodInvalidInput()
+    {
+        $reservedOrderId = 'test_quote';
+        $maskedQuoteId = $this->getMaskedQuoteIdByReservedOrderId->execute($reservedOrderId);
+
+        $setPaymentQuery = $this->getSetPaymentBraintreeQueryInvalidInput($maskedQuoteId);
+        $this->expectExceptionMessage("Required parameter \"braintree\" for \"payment_method\" is missing.");
+        $this->graphQlMutation($setPaymentQuery);
+    }
+
     private function assertPlaceOrderResponse(array $response, string $reservedOrderId): void
     {
         self::assertArrayHasKey('placeOrder', $response);
@@ -106,7 +142,7 @@ private function assertSetPaymentMethodResponse(array $response, string $methodC
      * @param string $maskedQuoteId
      * @return string
      */
-    private function getSetPaymentBraintreeQuery(string $maskedQuoteId): string
+    private function getSetPaymentBraintreeQuery(string $maskedQuoteId, string $nonce): string
     {
         return <<<QUERY
 mutation {
@@ -130,6 +166,30 @@ private function getSetPaymentBraintreeQuery(string $maskedQuoteId): string
 QUERY;
     }
 
+    /**
+     * @param string $maskedQuoteId
+     * @return string
+     */
+    private function getSetPaymentBraintreeQueryInvalidInput(string $maskedQuoteId): string
+    {
+        return <<<QUERY
+mutation {
+  setPaymentMethodOnCart(input:{
+    cart_id:"{$maskedQuoteId}"
+    payment_method:{
+      code:"braintree"
+    }
+  }) {
+    cart {
+      selected_payment_method {
+        code
+      }
+    }
+  }
+}
+QUERY;
+    }
+
     /**
      * @param string $maskedQuoteId
      * @return string